Talos has noticed that the BlackByte ransomware gang is using new techniques in addition to its usual methods. Further investigation, and comparison of new instances with existing data, suggests that BlackByte has been more active than previously thought.
A recent investigation and blog post by Talos shows that BlackByte still uses its standard tools, but with some modifications.
In a recent case, the group gained initial access by brute-forcing an account with a common name and a weak password through the VPN interface. This might indicate opportunism or a slight change in tactics, as this route offers additional advantages, including reduced visibility from the victim’s EDR.
Read more: BlackByte Ransomware Gang Believed to Be More Active Than Leak Site Suggests